Now that I've read a bunch of articles and have seen a pile of examples of how pairs of a certificate and a private key can be created I must say they all suggest different approaches and techniques to creating certificates and ultimately bewildered me.

Could anyone please explain as simply as possible, in layman's terms what exactly must be done?

Let's talk about simple scenario with two hosts (A & B) involved, both running stunnel. Let us assume host A is the server and host B is the client.

cert = CAfile =

must be created. And we use verify level 3 (verify = 3)

So, what exactly do we do now? And what happens in the dialog between these two machines?